Sample viewer

vx.netlux.org/Virus.DOS.Coconut.2030

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:38:28.965530024Z 26 PC: 12ad6 | Set disk transfer address
2018-12-17T22:38:28.967382353Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 5
; Annotation: these instructions run once the DOS "Get date" call has returned; the compare just
; above tests DH, which that call sets to the current month. After the date test, the code looks up
; a file, opens it and reads its first 3 bytes; the listing stops before the branch on the last compare.
0x12a65: jne 0x12a6a                        ; month != 5: skip the call below
; NOTE(review): the call target is not shown. The traces on this page that go straight to
; "Display string" (PC 12b54) and "Terminate" (PC 131df) presumably pass through this call -
; confirm against the date configured for that run.
0x12a67: call 0x12ae0                       ; reached only when month == 5
0x12a6a: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12a6c: lea dx, word ptr [bp + 0x8e7]      ; DS:DX = search pattern; presumably "*.COM" (every file opened in the traces is a .COM) - TODO confirm
0x12a70: mov cx, 1                          ; CX = attribute mask; bit 0 set, so read-only files match too
0x12a73: int 0x21
0x12a75: jb 0x12acf                         ; CF set = nothing found: leave the file loop (target outside this listing)
0x12a77: mov ax, 0x3d02                     ; INT 21h AH=3Dh open file, AL=02h = read/write access
0x12a7a: lea dx, word ptr [bp + 0x911]      ; DS:DX = name of the file just found (the "Filename = ..." value in the trace)
0x12a7e: int 0x21                           ; no carry test follows, so an open failure is not handled in the lines shown
0x12a80: mov bx, ax                         ; BX = handle returned by the open
0x12a82: mov ah, 0x3f                       ; INT 21h AH=3Fh: read from handle BX
0x12a84: lea dx, word ptr [bp + 0x8ed]      ; DS:DX = 3-byte buffer that receives the start of the file
0x12a88: mov cx, 3                          ; CX = byte count (trace: "Read 3 bytes")
0x12a8b: int 0x21
0x12a8d: mov ax, word ptr ds:[bp + 0x90d]   ; presumably the low word of the found file's size from the find-first data - TODO confirm
0x12a92: mov cx, word ptr ds:[bp + 0x8ee]   ; word at offset 1 of the 3 bytes just read
0x12a97: add cx, 0x7f1                      ; 0x7f1 = 2033 = 2030 + 3, the two write sizes seen in the traces
; The branch that consumes this compare is not shown. In the traces, files that already received
; the 3-byte and 2030-byte writes are closed straight after the read on a later pass, so this looks
; like an "already modified" test. The same relation (word at file offset 1 + 0x7f1 == file size,
; low 16 bits) is a usable check when triaging .COM files for this sample - verify on a known sample first.
0x12a9b: cmp ax, cx
2018-12-17T22:38:28.969896211Z 78 PC: 12a75 | Find first file
2018-12-17T22:38:28.976067603Z 61 PC: 12a80 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:38:28.98384067Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:28.990170353Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:28.991526566Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:28.995144524Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:28.99750428Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-17T22:38:29.012971126Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.020778569Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.023923503Z 61 PC: 12a80 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:38:29.03036141Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.036610391Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.038382963Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:29.040860079Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.046629331Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-17T22:38:29.055475354Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.063736648Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.066285655Z 61 PC: 12a80 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:38:29.072949653Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.079374089Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.080690678Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:29.083764923Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.085362417Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-17T22:38:29.094107596Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.102937639Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.105530699Z 61 PC: 12a80 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:38:29.111844506Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.118508284Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.120118068Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:29.122704892Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.125296521Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-17T22:38:29.134116933Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.142129323Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.145255253Z 61 PC: 12a80 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:38:29.151762169Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.157922371Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.159279863Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:29.161964667Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.163217701Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-17T22:38:29.172178105Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.180226897Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.182659487Z 61 PC: 12a80 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:38:29.188878627Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.195896997Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.197159481Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:29.199710764Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.201826229Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-17T22:38:29.210687469Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.21855554Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.222284002Z 61 PC: 12a80 | Open file (Filename = 'PAH.COM')
2018-12-17T22:38:29.228906694Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.235215865Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.237617286Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:29.240103164Z 66 PC: 12adf | Move file pointer
2018-12-17T22:38:29.241474233Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-17T22:38:29.250041361Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.25769892Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.260851468Z 61 PC: 12a80 | Open file (Filename = 'TEST.COM')
2018-12-17T22:38:29.267604441Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.269951383Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.27176481Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.274370302Z 26 PC: 12ad6 | Set disk transfer address
2018-12-17T22:38:29.275499725Z 26 PC: 12ad6 | Set disk transfer address
2018-12-17T22:38:29.276569219Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 5
; Annotation: these instructions run once the DOS "Get date" call has returned; the compare just
; above tests DH, which that call sets to the current month. After the date test, the code looks up
; a file, opens it and reads its first 3 bytes; the listing stops before the branch on the last compare.
0x12a65: jne 0x12a6a                        ; month != 5: skip the call below
; NOTE(review): the call target is not shown. The traces on this page that go straight to
; "Display string" (PC 12b54) and "Terminate" (PC 131df) presumably pass through this call -
; confirm against the date configured for that run.
0x12a67: call 0x12ae0                       ; reached only when month == 5
0x12a6a: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12a6c: lea dx, word ptr [bp + 0x8e7]      ; DS:DX = search pattern; presumably "*.COM" (every file opened in the traces is a .COM) - TODO confirm
0x12a70: mov cx, 1                          ; CX = attribute mask; bit 0 set, so read-only files match too
0x12a73: int 0x21
0x12a75: jb 0x12acf                         ; CF set = nothing found: leave the file loop (target outside this listing)
0x12a77: mov ax, 0x3d02                     ; INT 21h AH=3Dh open file, AL=02h = read/write access
0x12a7a: lea dx, word ptr [bp + 0x911]      ; DS:DX = name of the file just found (the "Filename = ..." value in the trace)
0x12a7e: int 0x21                           ; no carry test follows, so an open failure is not handled in the lines shown
0x12a80: mov bx, ax                         ; BX = handle returned by the open
0x12a82: mov ah, 0x3f                       ; INT 21h AH=3Fh: read from handle BX
0x12a84: lea dx, word ptr [bp + 0x8ed]      ; DS:DX = 3-byte buffer that receives the start of the file
0x12a88: mov cx, 3                          ; CX = byte count (trace: "Read 3 bytes")
0x12a8b: int 0x21
0x12a8d: mov ax, word ptr ds:[bp + 0x90d]   ; presumably the low word of the found file's size from the find-first data - TODO confirm
0x12a92: mov cx, word ptr ds:[bp + 0x8ee]   ; word at offset 1 of the 3 bytes just read
0x12a97: add cx, 0x7f1                      ; 0x7f1 = 2033 = 2030 + 3, the two write sizes seen in the traces
; The branch that consumes this compare is not shown. In the traces, files that already received
; the 3-byte and 2030-byte writes are closed straight after the read on a later pass, so this looks
; like an "already modified" test. The same relation (word at file offset 1 + 0x7f1 == file size,
; low 16 bits) is a usable check when triaging .COM files for this sample - verify on a known sample first.
0x12a9b: cmp ax, cx
2018-12-17T22:38:29.279294019Z 78 PC: 12a75 | Find first file
2018-12-17T22:38:29.284910564Z 61 PC: 12a80 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:38:29.291115222Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.29758403Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.299355105Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.301820666Z 61 PC: 12a80 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:38:29.308562796Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.315074336Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.31668637Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.320078674Z 61 PC: 12a80 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:38:29.326952637Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.333079203Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.335171865Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.337760326Z 61 PC: 12a80 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:38:29.343936575Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.350435361Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.352019828Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.354535568Z 61 PC: 12a80 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:38:29.361466008Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.367612436Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.369166243Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.371726141Z 61 PC: 12a80 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:38:29.378006881Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.384307029Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.386457173Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.390531771Z 61 PC: 12a80 | Open file (Filename = 'PAH.COM')
2018-12-17T22:38:29.396978819Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.403461499Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.405881379Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.408618125Z 61 PC: 12a80 | Open file (Filename = 'TEST.COM')
2018-12-17T22:38:29.415222977Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:29.418253808Z 62 PC: 12acb | Close file
2018-12-17T22:38:29.419975813Z 79 PC: 12a75 | Find next file
2018-12-17T22:38:29.422371334Z 26 PC: 12ad6 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6589,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:53.76922107Z 26 PC: 12ad6 | Set disk transfer address
2018-12-25T11:59:53.771655911Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 5
; Annotation: these instructions run once the DOS "Get date" call has returned; the compare just
; above tests DH, which that call sets to the current month. After the date test, the code looks up
; a file, opens it and reads its first 3 bytes; the listing stops before the branch on the last compare.
0x12a65: jne 0x12a6a                        ; month != 5: skip the call below
; NOTE(review): the call target is not shown. The traces on this page that go straight to
; "Display string" (PC 12b54) and "Terminate" (PC 131df) presumably pass through this call -
; confirm against the date configured for that run.
0x12a67: call 0x12ae0                       ; reached only when month == 5
0x12a6a: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12a6c: lea dx, word ptr [bp + 0x8e7]      ; DS:DX = search pattern; presumably "*.COM" (every file opened in the traces is a .COM) - TODO confirm
0x12a70: mov cx, 1                          ; CX = attribute mask; bit 0 set, so read-only files match too
0x12a73: int 0x21
0x12a75: jb 0x12acf                         ; CF set = nothing found: leave the file loop (target outside this listing)
0x12a77: mov ax, 0x3d02                     ; INT 21h AH=3Dh open file, AL=02h = read/write access
0x12a7a: lea dx, word ptr [bp + 0x911]      ; DS:DX = name of the file just found (the "Filename = ..." value in the trace)
0x12a7e: int 0x21                           ; no carry test follows, so an open failure is not handled in the lines shown
0x12a80: mov bx, ax                         ; BX = handle returned by the open
0x12a82: mov ah, 0x3f                       ; INT 21h AH=3Fh: read from handle BX
0x12a84: lea dx, word ptr [bp + 0x8ed]      ; DS:DX = 3-byte buffer that receives the start of the file
0x12a88: mov cx, 3                          ; CX = byte count (trace: "Read 3 bytes")
0x12a8b: int 0x21
0x12a8d: mov ax, word ptr ds:[bp + 0x90d]   ; presumably the low word of the found file's size from the find-first data - TODO confirm
0x12a92: mov cx, word ptr ds:[bp + 0x8ee]   ; word at offset 1 of the 3 bytes just read
0x12a97: add cx, 0x7f1                      ; 0x7f1 = 2033 = 2030 + 3, the two write sizes seen in the traces
; The branch that consumes this compare is not shown. In the traces, files that already received
; the 3-byte and 2030-byte writes are closed straight after the read on a later pass, so this looks
; like an "already modified" test. The same relation (word at file offset 1 + 0x7f1 == file size,
; low 16 bits) is a usable check when triaging .COM files for this sample - verify on a known sample first.
0x12a9b: cmp ax, cx
2018-12-25T11:59:53.774059706Z 78 PC: 12a75 | Find first file
2018-12-25T11:59:53.780166528Z 61 PC: 12a80 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:53.786753306Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:53.793959566Z 66 PC: 12adf | Move file pointer
2018-12-25T11:59:53.795406295Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:53.798079241Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.800348602Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-25T11:59:53.815099165Z 62 PC: 12acb | Close file
2018-12-25T11:59:53.823561197Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:53.826995111Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:53.833767527Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:53.840235311Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.842790042Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:53.846816445Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.847967073Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:53.853954405Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:53.859256123Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:53.860941892Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:53.866012093Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:53.871395834Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.872691566Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:53.8749906Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.876049196Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:53.882602615Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:53.891905926Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:53.894950474Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:53.901642209Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:53.908241299Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.909790066Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:53.911734537Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.912817677Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:53.918858974Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:53.924061589Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:53.925943485Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:53.931693205Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:53.937378612Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.938653569Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:53.94223062Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.94359225Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:53.951591299Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:53.960268092Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:53.962942485Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:53.969032114Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:53.975729808Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.977620231Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:53.980300758Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:53.982064274Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:53.992158901Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.000131872Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.002534321Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.009485992Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.016787127Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.018041558Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:54.021199541Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.02259739Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:54.031742009Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.040098886Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.042645766Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.048863515Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.051735922Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.053939937Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.056188872Z 26 PC: 12ad6 | Set disk transfer address (See above)
2018-12-25T11:59:54.05781214Z 26 PC: 12ad6 | Set disk transfer address (See above)
2018-12-25T11:59:54.058728052Z 42 PC: 12a62 | Get date (See above)
2018-12-25T11:59:54.060637744Z 78 PC: 12a75 | Find first file (See above)
2018-12-25T11:59:54.066462782Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.073103738Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.079090498Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.080875353Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.083851409Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.099276325Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.106064762Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.109028656Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.111883541Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.119789828Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.126668581Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.128711048Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.132284674Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.138937674Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.145350882Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.147975839Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.150911614Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.158549481Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.166121783Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.168387867Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.171406088Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.178019387Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.184962042Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.187055164Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.190058901Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.197563867Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.204541822Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.206173375Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.208840225Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.215193977Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.221372092Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.224765082Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.226626481Z 26 PC: 12ad6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6589,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:54.486949794Z 26 PC: 12ad6 | Set disk transfer address
2018-12-25T11:59:54.490043173Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 5
; Annotation: these instructions run once the DOS "Get date" call has returned; the compare just
; above tests DH, which that call sets to the current month. After the date test, the code looks up
; a file, opens it and reads its first 3 bytes; the listing stops before the branch on the last compare.
0x12a65: jne 0x12a6a                        ; month != 5: skip the call below
; NOTE(review): the call target is not shown. The traces on this page that go straight to
; "Display string" (PC 12b54) and "Terminate" (PC 131df) presumably pass through this call -
; confirm against the date configured for that run.
0x12a67: call 0x12ae0                       ; reached only when month == 5
0x12a6a: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12a6c: lea dx, word ptr [bp + 0x8e7]      ; DS:DX = search pattern; presumably "*.COM" (every file opened in the traces is a .COM) - TODO confirm
0x12a70: mov cx, 1                          ; CX = attribute mask; bit 0 set, so read-only files match too
0x12a73: int 0x21
0x12a75: jb 0x12acf                         ; CF set = nothing found: leave the file loop (target outside this listing)
0x12a77: mov ax, 0x3d02                     ; INT 21h AH=3Dh open file, AL=02h = read/write access
0x12a7a: lea dx, word ptr [bp + 0x911]      ; DS:DX = name of the file just found (the "Filename = ..." value in the trace)
0x12a7e: int 0x21                           ; no carry test follows, so an open failure is not handled in the lines shown
0x12a80: mov bx, ax                         ; BX = handle returned by the open
0x12a82: mov ah, 0x3f                       ; INT 21h AH=3Fh: read from handle BX
0x12a84: lea dx, word ptr [bp + 0x8ed]      ; DS:DX = 3-byte buffer that receives the start of the file
0x12a88: mov cx, 3                          ; CX = byte count (trace: "Read 3 bytes")
0x12a8b: int 0x21
0x12a8d: mov ax, word ptr ds:[bp + 0x90d]   ; presumably the low word of the found file's size from the find-first data - TODO confirm
0x12a92: mov cx, word ptr ds:[bp + 0x8ee]   ; word at offset 1 of the 3 bytes just read
0x12a97: add cx, 0x7f1                      ; 0x7f1 = 2033 = 2030 + 3, the two write sizes seen in the traces
; The branch that consumes this compare is not shown. In the traces, files that already received
; the 3-byte and 2030-byte writes are closed straight after the read on a later pass, so this looks
; like an "already modified" test. The same relation (word at file offset 1 + 0x7f1 == file size,
; low 16 bits) is a usable check when triaging .COM files for this sample - verify on a known sample first.
0x12a9b: cmp ax, cx
2018-12-25T11:59:54.495719504Z 9 PC: 12b54 | Display string (Could not find end pointer)
2018-12-25T11:59:54.521143852Z 76 PC: 131df | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6589,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:54.601158938Z 26 PC: 12ad6 | Set disk transfer address
2018-12-25T11:59:54.603422904Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 5
; Annotation: these instructions run once the DOS "Get date" call has returned; the compare just
; above tests DH, which that call sets to the current month. After the date test, the code looks up
; a file, opens it and reads its first 3 bytes; the listing stops before the branch on the last compare.
0x12a65: jne 0x12a6a                        ; month != 5: skip the call below
; NOTE(review): the call target is not shown. The traces on this page that go straight to
; "Display string" (PC 12b54) and "Terminate" (PC 131df) presumably pass through this call -
; confirm against the date configured for that run.
0x12a67: call 0x12ae0                       ; reached only when month == 5
0x12a6a: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12a6c: lea dx, word ptr [bp + 0x8e7]      ; DS:DX = search pattern; presumably "*.COM" (every file opened in the traces is a .COM) - TODO confirm
0x12a70: mov cx, 1                          ; CX = attribute mask; bit 0 set, so read-only files match too
0x12a73: int 0x21
0x12a75: jb 0x12acf                         ; CF set = nothing found: leave the file loop (target outside this listing)
0x12a77: mov ax, 0x3d02                     ; INT 21h AH=3Dh open file, AL=02h = read/write access
0x12a7a: lea dx, word ptr [bp + 0x911]      ; DS:DX = name of the file just found (the "Filename = ..." value in the trace)
0x12a7e: int 0x21                           ; no carry test follows, so an open failure is not handled in the lines shown
0x12a80: mov bx, ax                         ; BX = handle returned by the open
0x12a82: mov ah, 0x3f                       ; INT 21h AH=3Fh: read from handle BX
0x12a84: lea dx, word ptr [bp + 0x8ed]      ; DS:DX = 3-byte buffer that receives the start of the file
0x12a88: mov cx, 3                          ; CX = byte count (trace: "Read 3 bytes")
0x12a8b: int 0x21
0x12a8d: mov ax, word ptr ds:[bp + 0x90d]   ; presumably the low word of the found file's size from the find-first data - TODO confirm
0x12a92: mov cx, word ptr ds:[bp + 0x8ee]   ; word at offset 1 of the 3 bytes just read
0x12a97: add cx, 0x7f1                      ; 0x7f1 = 2033 = 2030 + 3, the two write sizes seen in the traces
; The branch that consumes this compare is not shown. In the traces, files that already received
; the 3-byte and 2030-byte writes are closed straight after the read on a later pass, so this looks
; like an "already modified" test. The same relation (word at file offset 1 + 0x7f1 == file size,
; low 16 bits) is a usable check when triaging .COM files for this sample - verify on a known sample first.
0x12a9b: cmp ax, cx
2018-12-25T11:59:54.60577798Z 78 PC: 12a75 | Find first file
2018-12-25T11:59:54.611879506Z 61 PC: 12a80 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:54.61956422Z 63 PC: 12a8d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:54.630609595Z 66 PC: 12adf | Move file pointer
2018-12-25T11:59:54.632587582Z 64 PC: 12ab7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:54.635874784Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.637303372Z 64 PC: 12ac7 | Write file or device (Write 2030 bytes on handle 5)
2018-12-25T11:59:54.654842596Z 62 PC: 12acb | Close file
2018-12-25T11:59:54.663475796Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.666182997Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.672584744Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.679099561Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.681363378Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:54.68430463Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.685998707Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:54.695561326Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.704244047Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.707154063Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.714858001Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.721195674Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.722505587Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:54.725842606Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.728034842Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:54.736687437Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.745314546Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.748314761Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.754785376Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.761741319Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.764086281Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:54.767056791Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.76953654Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:54.778359809Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.786428074Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.789975659Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.797208264Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.803735852Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.805628365Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:54.808799834Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.810491134Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:54.819270832Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.828115882Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.83065688Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.837915299Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.845048492Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.846802458Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:54.849777409Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.852561739Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:54.861443628Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.869584795Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.873450979Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.880082658Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.88630888Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.888549281Z 64 PC: 12ab7 | Write file or device (See above)
2018-12-25T11:59:54.891441078Z 66 PC: 12adf | Move file pointer (See above)
2018-12-25T11:59:54.892855907Z 64 PC: 12ac7 | Write file or device (See above)
2018-12-25T11:59:54.901702175Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.909801548Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.916787864Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.923664795Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.927232513Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.929202995Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.931785809Z 26 PC: 12ad6 | Set disk transfer address (See above)
2018-12-25T11:59:54.934060237Z 26 PC: 12ad6 | Set disk transfer address (See above)
2018-12-25T11:59:54.935351732Z 42 PC: 12a62 | Get date (See above)
2018-12-25T11:59:54.937674329Z 78 PC: 12a75 | Find first file (See above)
2018-12-25T11:59:54.954562757Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.96102788Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.967283063Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.969704665Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.972251834Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:54.98428582Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:54.991147636Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:54.992947143Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:54.995612104Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:55.004894238Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:55.021871534Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:55.023774958Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:55.027239055Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:55.033568029Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:55.040059537Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:55.042738423Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:55.045231603Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:55.052202888Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:55.059332143Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:55.061610968Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:55.064382491Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:55.071149463Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:55.07822502Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:55.07990107Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:55.082537055Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:55.08999344Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:55.096250668Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:55.097942274Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:55.101557188Z 61 PC: 12a80 | Open file (See above)
2018-12-25T11:59:55.10853117Z 63 PC: 12a8d | Read file or device (See above)
2018-12-25T11:59:55.114892194Z 62 PC: 12acb | Close file (See above)
2018-12-25T11:59:55.118662807Z 79 PC: 12a75 | Find next file (See above)
2018-12-25T11:59:55.121273383Z 26 PC: 12ad6 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6589,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:54.945041098Z 26 PC: 12ad6 | Set disk transfer address
2018-12-25T11:59:54.94892928Z 42 PC: 12a62 | Get date 0x12a62: cmp dh, 5
; Annotation: these instructions run once the DOS "Get date" call has returned; the compare just
; above tests DH, which that call sets to the current month. After the date test, the code looks up
; a file, opens it and reads its first 3 bytes; the listing stops before the branch on the last compare.
0x12a65: jne 0x12a6a                        ; month != 5: skip the call below
; NOTE(review): the call target is not shown. The traces on this page that go straight to
; "Display string" (PC 12b54) and "Terminate" (PC 131df) presumably pass through this call -
; confirm against the date configured for that run.
0x12a67: call 0x12ae0                       ; reached only when month == 5
0x12a6a: mov ah, 0x4e                       ; INT 21h AH=4Eh: find first matching file
0x12a6c: lea dx, word ptr [bp + 0x8e7]      ; DS:DX = search pattern; presumably "*.COM" (every file opened in the traces is a .COM) - TODO confirm
0x12a70: mov cx, 1                          ; CX = attribute mask; bit 0 set, so read-only files match too
0x12a73: int 0x21
0x12a75: jb 0x12acf                         ; CF set = nothing found: leave the file loop (target outside this listing)
0x12a77: mov ax, 0x3d02                     ; INT 21h AH=3Dh open file, AL=02h = read/write access
0x12a7a: lea dx, word ptr [bp + 0x911]      ; DS:DX = name of the file just found (the "Filename = ..." value in the trace)
0x12a7e: int 0x21                           ; no carry test follows, so an open failure is not handled in the lines shown
0x12a80: mov bx, ax                         ; BX = handle returned by the open
0x12a82: mov ah, 0x3f                       ; INT 21h AH=3Fh: read from handle BX
0x12a84: lea dx, word ptr [bp + 0x8ed]      ; DS:DX = 3-byte buffer that receives the start of the file
0x12a88: mov cx, 3                          ; CX = byte count (trace: "Read 3 bytes")
0x12a8b: int 0x21
0x12a8d: mov ax, word ptr ds:[bp + 0x90d]   ; presumably the low word of the found file's size from the find-first data - TODO confirm
0x12a92: mov cx, word ptr ds:[bp + 0x8ee]   ; word at offset 1 of the 3 bytes just read
0x12a97: add cx, 0x7f1                      ; 0x7f1 = 2033 = 2030 + 3, the two write sizes seen in the traces
; The branch that consumes this compare is not shown. In the traces, files that already received
; the 3-byte and 2030-byte writes are closed straight after the read on a later pass, so this looks
; like an "already modified" test. The same relation (word at file offset 1 + 0x7f1 == file size,
; low 16 bits) is a usable check when triaging .COM files for this sample - verify on a known sample first.
0x12a9b: cmp ax, cx
2018-12-25T11:59:54.956162278Z 9 PC: 12b54 | Display string (Could not find end pointer)
2018-12-25T11:59:54.980507104Z 76 PC: 131df | Terminate with return code (Return code = '0')